
7613 matches found

Ivanti
added 2023/02/14 7:22 a.m., 6 views

JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...

AI score 7.2
Exploits: 0

Cvelist
added 2023/02/14 12:00 a.m., 23 views

CVE-2023-22376

Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...

AI score 6.7, EPSS 0.00508
Exploits: 0, References: 2

CNNVD
added 2023/02/14 12:00 a.m., 8 views

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G Cross-Site Scripting Vulnerability

PLANEX Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G is a camera from PLANEX. A security vulnerability exists in the Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G. An attacker can exploit this vulnerability to inject arbitrary scripts...

CVSS 6.1, AI score 6.4, EPSS 0.00508
Exploits: 0, References: 3

NVD
added 2023/02/10 4:15 p.m., 8 views

CVE-2023-24234

A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

CVSS 4.8, AI score 4.9, EPSS 0.0048
Exploits: 0, References: 2

Prion
added 2023/02/10 4:15 p.m., 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

CVSS 4.3, AI score 4.9, EPSS 0.0048
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2023/02/10 12:00 a.m., 5 views

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

CVSS 4.8, AI score 5.7, EPSS 0.0048
Exploits: 0, References: 3

Vulnrichment
added 2023/02/10 12:00 a.m., 4 views

CVE-2023-24233

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

AI score 5.7, EPSS 0.0048
Exploits: 0, References: 2

CNNVD
added 2023/02/10 12:00 a.m., 3 views

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

CVSS 4.8, AI score 5.7, EPSS 0.0048
Exploits: 0, References: 3

Vulnrichment
added 2023/02/09 12:00 a.m., 5 views

CVE-2023-24322

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...

AI score 5.9, EPSS 0.31714
Exploits: 1, References: 3

Vulnrichment
added 2023/02/02 8:28 a.m., 9 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary HTML or JavaScript into the response...

AI score 4.8, EPSS 0.01204
Exploits: 3, References: 1

NVD
added 2023/01/30 7:15 a.m., 25 views

CVE-2023-22333

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script...

CVSS 6.1, AI score 6.2, EPSS 0.00508
Exploits: 0, References: 2

Cvelist
added 2023/01/30 12:00 a.m., 26 views

CVE-2023-22333

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script...

AI score 6.4, EPSS 0.00508
Exploits: 0, References: 2

Prion
added 2023/01/27 10:15 p.m., 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...

CVSS 4.9, AI score 5.2, EPSS 0.00513
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2023/01/26 9:18 p.m., 14 views

CVE-2023-24494

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user...

CVSS 5.4, AI score 5.3, EPSS 0.00686
Exploits: 0, References: 1

CNNVD
added 2023/01/26 12:00 a.m., 4 views

Small CRM Cross-Site Scripting Vulnerability

PHPGurukul Small CRM is a customer relationship management system. A security vulnerability exists in Small CRM v3.0, which stems from the Subject parameter of its Create Ticket page that allows an attacker to inject a crafted payload to execute arbitrary web script and HTML...

CVSS 5.4, AI score 6.1, EPSS 0.00617
Exploits: 0, References: 4

Tenable Nessus
added 2023/01/25 12:00 a.m., 28 views

AlmaLinux 9 : libreoffice (ALSA-2023:0304)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0304 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme...

CVSS 8.8, AI score 7.8, EPSS 0.04354
Exploits: 0, References: 5

Vulnrichment
added 2023/01/25 12:00 a.m., 7 views

CVE-2022-45730

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function...

AI score 5.9, EPSS 0.00503
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2023/01/24 7:00 a.m., 1 view

EasyMail vulnerable to cross-site scripting

Overview: EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability (CWE-79). Toyama Taku reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed...

CVSS 6.1, AI score 5.8, EPSS 0.00508
Exploits: 0, References: 5

Oracle Linux
added 2023/01/24 12:00 a.m., 105 views

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

CVSS 8.8, AI score 3.8, EPSS 0.04354
Exploits: 0

Tenable Nessus
added 2023/01/24 12:00 a.m., 28 views

Oracle Linux 9 : libreoffice (ELSA-2023-0304)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0304 advisory. 7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option...

CVSS 8.8, AI score 7.4, EPSS 0.04354
Exploits: 0, References: 5